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Amendments to the Claims: 

This listing of claims will replace all prior versions, and listings., of claims in the 
application: 

Listing of Claims : 

Claims 1-12 (canceled) 



Y 



V 



Claim 13. (currently amended): A method of authenticating the identity of a user 
to determine access to a system, comprising: 

providing a possession-based data instance, a modified version of the 
possession-based data instance, a knowledge-based data instanc e, a biometric- 
based data instance, and a modified version of the biometric-based data instance; 

generating a first cryptographic key based on the knowledge-based data 
instance; 

applying the first cryptographic key to the modified version of the 
possession-based data instance to generate a first recovered data instance; 

interrogating the first recovered data instance against tin: possession-based 
data instance to generate a possession value as a result of a first (correspondence 
evaluation; 

applying the first cryptographic key to the modified version of the 
biometric-based data instance to generate a second recovered data instance; 
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interrogating the second recovered data instance against the biometric- 
based data instance to generate a biometric value as a result of a second 
correspondence evaluation; 

combining the first crvntogranhic key, the possession value, and the 
biometric value to form an m.thrntinntinn vnhwn ^rond rirptograBhjcJeex 
restricting the user's access to the system if the user's identity is not 
authenticated, based at least in part on the authentication value; and 

granting the user's access to the system if the user's identity is 
authenticated, based at least in part on the authentication value. 

14. (original): The method of claim 13, wherein restricting the user's access 
includes denying the user's access. 

15. (original): The method of claim 13, wherein the modified version of the 
biometric-based data instance is a first modified version of the biometric-based 
data instance, and the biometric value is a second modified version of the 
biometric-based data instance. 

16. (original): The method of claim 15, wherein the biometric value is a 
cryptographic hash of the biometric-based data instance. 
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1 7. (currently amended): The method of claim 13, wherein restricting the user's 
access to the system and granting the user's access to the system is based on a 
modified version of the authentication valuo second crvtop rphioj^ 

18. (currently amended): The method of claim 17, wherein the modified version 
of the authentication value second crypto praphiP key is a cryptographic hash of 
the authentication valuo second cryptographic key . 

19. (currently amended) A method of authenticating the identity of a user to 
determine access to a system, comprising: 

providing a possession-based data instance, a stored biometric-based data 
instance, and a read biometric-based data instance; 

interrogating the stored biometric-based data instance against the read 
biometric-based data instance to generate a biometric value as a result of a 
correspondence evaluation; 

combining the possession-based data instance and the biometric value to 
form an authentication value a cryptographic kev : 

evaluating the authentication valuo cryptographic kev to determine if the 
user's identity is authenticated; 

restricting the user's access to the system if the user's identity is not 
authenticated, based at least in part on the cryptographic key auth* 
and 
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granting the user's access to the system if the user's identity is 

authenticated, based at least in part on the cryptographic kev guihontioation value. 

20. (original) The method of claim 19, wherein restricting the user's access 
includes denying the user's access. 

21 . (original) The method of claim 19, wherein the biometric Viilue is a modified 
version of the biometriobased data instance. 

22. (original) The method of claim 21, wherein the biometric value is a 
cryptographic hash of the biometric-based data instance. 




23. (currently amended) The method of claim 19, wherein restricting the user's 
access to the system and granting the user's access to the system is based on a 
modified version of the cryptographic kev authentication value . 

24. (currently amended) The method of claim 23, wherein the m odified version of 
the cryptographic kev authentication valu e is a cryptographic ha ih of the 
cryptographic kev auth e ntication value . 

25. (currently amended) A method of authenticating the identity of a user to 
determine access to a system, comprising: 
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providing a possession-based data instance, a biometric-based data 

instance, and a modified version of the biometric-based data instance; 

applying the possession-based data instance to the modified version of the 

biometric-based data instance to generate a recovered data instance; 

interrogating the recovered data instance against the biometric-based data 

instance to generate a biometric value as a result of a correspondence evaluation; 

combining the possession-based data instance and the biometric value to 

form a cryptographic key an auth e ntication valu e; 

evaluating the cryptographic key authentication valu e to determine if the 

user's identity is authenticated; 

restricting the user's access to the system if the user's identity is not 

authenticated, based at Least in part on the cryptographic key aut hentication value ; 

and 

granting the user's access to the system if the user's identity is 
authenticated, based at least in part on the cryptographic key aut hentication value . 

26. (original) The method of claim 25, wherein restricting the user's access 
includes denying the user's access. 

27. (original) The method of claim 25, wherein the modified version of the 
biometric-based data instance is a first modified version of the biometric-based 
data instance, and the biometric value is a second modified version of the 
biometric-based data instance. 
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28. (original) The method of claim 27, wherein the biometric value is a 

cryptographic hash of the biometric-based data instance. 

\^ 29. (currently amended) The method of claim 25, wherein restr icting the user's 

access to the system and granting the user's access to the system is based on a 
modified version of the cryptographic key authentication valu e 

30, (currently amended) The method of claim 29, wherein the modified version of 
the cryptographic key authentication value is a cryptographic h ash of the 
cryptographic key authentication value . 
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